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EXAMINER'S ANSWER 



This is in response to the appeal brief filed December 10' , 2003. 
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(1) Real Party in Interest 

A statement identifying the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

A statement identifying the related appeals and interferences which will directly affect or 
be directly affected by or have a bearing on the decision in the pending appeal is contained in the 
brief. 

(3) Status of Claims 

The statement of the status of the claims contained in the brief is incorrect. A correct 
statement of the status of the claims is as follows: 

This appeal involves claims 9-17, 22-29, 38-46, 51-58, 60, 62 and 63. 

Claiml-8, 18-21, 30-37, 47-50, 59 and 61 have been canceled in amendment A, see 

paperno. 6.. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection contained in 
the brief is correct. 

( 5) Summary of In vention 

The summary of invention contained in the brief is correct. 

(6) Issues 

The appellant's statement of the issues in the brief is correct. 
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(7) Grouping of Claims 

Appellant's brief includes a statement that claims 9-17, 22-29, 38-46, 51-58, 60, 62 and 
63 do not stand or fall together and provides reasons as set forth in 37 CFR 1.192(c)(7) and 
(c)(8). 

(8) Claims Appealed 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

( 9) Prior Art of Record 

5,884,312 Dustan et al 3-1999 

(10) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

2. Claims 22-29, 51-58, and 62 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Dustan et al 

3. Regarding claims 20, 25, 26, 28, 51, 54, 57 and 62 Dustan et al, figures 5 and 6, teach a 
system and method for securely accessing information from data sources through a network 
such that Applicants' step of sending a first request reads on the menu selection at step 218, 
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Applicants' credential reads on the account number and password at step 176, Applicants 1 
session identification reads on step 216, Applicants 1 second request reads on step 234. 

4. Regarding claims 21, 29, and 58: Dustan et al teach that each menu selection utilize 
scripts which are assigned a URL, column 15, lines 9-11. 

5. Regarding claim 22: Dustan et al teach that the session id is also verified, column 9, lines 
27 - 30. 

6. Regarding claims 23 and 52: Applicants' user name and password reads on the account 
number and password of Dustan et al. 

7. Regarding claims 24 and 53: Dustan et al teach that the session id is generated based on 
the date and time, considered to be random. 

8. Regarding claim 55: Dustan et al disclose storing the cookie, column 10, lines 37 -43. 

Claim Rejections - 35 USC §103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

10. Claims 9-17, 38-46, 60 and 63 rejected under 35 U.S.C. 103(a) as being unpatentable 
over Dustan et al in view of Shi et al. 

11. Regarding claims 9, 1 1, 13, 14, 16, 38, 42, 45, 60 and 63 Dustan et al, figures 5 and 6, 
teach a system and method for securely accessing information from data sources through a 
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network such that Applicants' step of sending a first request reads on the menu selection at step 
218, Applicants' credential reads on the account number and password at step 176, Applicants 1 
session identification reads on step 216, Applicants' second request reads on step 234. Dustan et 
al fail to teach that associating the presented credential with session data. However, Shi et al 
teach associating the presented credential with session data in abstract, figs 1, 3 and column 3 
lines 22-46. Therefore it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify Dustan et al's inventive concept to include Shi et al's 
associating the presented credential with session data because this would have identifier to be 
used as a pointer into the in-memory credential database, and the credential is then retrieved and 
used to facilitate multiple file accesses from the distributed file system. 

12. Regarding claims 10 and 39: Applicants' user name and password reads on the account 
number and password of Dustan et al. 

13. Regarding claims 12 and 41 : Dustan et al teach that the session id is generated based on 
the date and time, considered to be random. 

14. Regarding claim 22: Dustan et al teach that the session id is also verified, column 9, lines 
27 - 30. 

15. Regarding claim 43: Dustan et al disclose storing the cookie, column 10, lines 37-43. 

16. Claims 6, 15, 27, 35, 44 and 56 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Dustan et al in view of Beyeh et al. 

Although Dustan et al do no specifically disclose that the session identification data 
structure is in a rewritten uniform resource locator, Beyeh et al do teach that the URL can be 
overwritten as another method of keeping track of the URL's visited by the client. Therefore, it is 
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considered that it would have been obvious to one of ordinary skill in the art at the time of the 
invention, to overwrite the URL, as disclosed by Beyeh et al if, for instance, cookies were not 
used and/or as another method of keeping track of the URL's visited by the client. 
(11) Response to Argument 

A. Appellant argue that claim 22 has been erroneously rejected under 35 USC 102(b) 
as every element of the claimed invention is not identically shown in a single reference. 
Appellant argues that the prior art fails to teach "retrieving a session data structure including a 
second credential in response to the session identification being valid or determining whether the 
first credential and the second credential match." Examiner respectfully disagrees with 
Appellant's characterization of Dustan's inventive concept. Dustan teach a system wherein when 
a user selects a desired function, database management system will initiate the corresponding 
stored procedure. For example, when a user desires to check a particular stock quote, database 
management system will initiate check quote stored procedure. Before actually attempting to 
access the associated data source, check quotes stored procedure will execute a check access 
stored procedure. The check access stored procedure is a security function. Generally though, 
check access stored procedure will receive the session id and account number that was provided 
when the user requested the current function. This information will be compared to the session id 
and account number that are stored within user table for verification. This event will then 
generate a record within activity log table to provide a record of the event. Assuming that access 
is allowed, control returns to check quotes stored procedure where check quote registered 
procedure is then executed {see column 15 lines 36-56). 
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B. Appellant further argues with respect to claim 9 of group II, a prima facie 
obviousness has no been established and that the prior art fail to teach "determining whether the 
credential is valid for both the client and the session data or sending the information to the client 
in response to the session identification and the credential being valid." Examiner respectfully 
disagrees with Appellant characterization of the prior art. Dustan et al teach a system wherein 
user may then desire to check portfolio information that is stored on some disparate data source. 
In response to requesting access to portfolio information, the client also provides the session id 
and account number back to database server where it is once again verified. Generally though, 
database server will verify the session id to ensure that the user has privileges or rights to 
perform the requested function. If so, the portfolio data is retrieved from the disparate data 
source using a stored procedure and a registered procedure of database server and the 
information is provided back to the user in any of a variety of formats, such as web page, an e- 
mail, or as a voice message (see column 9 lines 17-44), 

C. Appellant argues that Group III (claim 62) was not properly rejected. Examiner 
respectfully disagrees with Appellant. A typographically error was committed by the Examiner 
in rejecting numbering the claims rejected in paragraph 3 in the final rejection. However, claim 
62 is listed along with claim 20, 25, 26, 28, 51, 54 and 57 in paragraph 4. Therefore, claim 62 is 
properly rejected. 



For the above reasons, it is believed that the rejections should be sustained. 
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